confdb: Add UsrEtc support

Vendor provided configuration is installed in /usr/etc/sssd/sssd.conf.

Users can override it creating /etc/sssd/sssd.conf, or override defaults
dropping config snippets to /etc/sssd/conf.d/

Doc: https://en.opensuse.org/openSUSE:Packaging_UsrEtc

Signed-off-by: Samuel Cabrero <scabrero@suse.com>

Author: scabrero

Makefile.am

@@ -58,6 +58,7 @@ if BUILD_SAMBA
 winbindplugindir = @winbindpluginpath@
 endif
 sssdconfdir = $(sysconfdir)/sssd
+sssdvendordir = $(vendordir)/sssd
 sssddatadir = $(datadir)/sssd
 sssdapiplugindir = $(sssddatadir)/sssd.api.d
 sssdtapscriptdir = $(sssddatadir)/systemtap
@@ -558,6 +559,7 @@ AM_CPPFLAGS = \
     -DSSSDDATADIR=\"$(sssddatadir)\" \
     -DSSSD_LIBEXEC_PATH=\"$(sssdlibexecdir)\" \
     -DSSSD_CONF_DIR=\"$(sssdconfdir)\" \
+    -DSSSD_VENDOR_DIR=\"$(sssdvendordir)\" \
     -DSSS_NSS_MCACHE_DIR=\"$(mcpath)\" \
     -DSSS_NSS_SOCKET_NAME=\"$(pipepath)/nss\" \
     -DSSS_PAM_SOCKET_NAME=\"$(pipepath)/pam\" \
@@ -5296,6 +5298,7 @@ edit_cmd = $(SED) \
         -e 's|@nss_socket_user_group[@]|$(nss_socket_user_group)|g' \
         -e 's|@supplementary_groups[@]|$(supplementary_groups)|g' \
         -e 's|@sssdconfdir[@]|$(sssdconfdir)|g' \
+        -e 's|@sssdvendordir[@]|$(sssdvendordir)|g' \
         -e 's|@secdbpath[@]|$(secdbpath)|g' \
         -e 's|@dbpath[@]|$(dbpath)|g' \
         -e 's|@gpocachepath[@]|$(gpocachepath)|g'

configure.ac

@@ -542,6 +542,30 @@ AS_IF([test x$SETCAP == xfalse], [
     AC_MSG_WARN([setcap missing, capabilities cannot be set during make install])
 ])
 
+AC_ARG_WITH([vendordir],
+            AS_HELP_STRING([--with-vendordir=DIR], [Directory for distribution provided configuration files]),
+            [
+              case $with_vendordir in
+                /*)
+                ;;
+                *)
+                  AC_MSG_ERROR(You must specify an absolute path to --with-vendordir=DIR)
+                ;;
+              esac
+              vendordir="$with_vendordir"
+            ],
+            [ vendordir="/usr/etc" ])
+AC_DEFINE_UNQUOTED(VENDORDIR, ["$vendordir"], [Location of vendor configuration files])
+AC_SUBST(vendordir)
+
+AC_ARG_ENABLE([vendordir],
+              [AS_HELP_STRING([--enable-vendordir], [Enable support for distribution provided configuration files])],
+              [], [enable_vendordir=no])
+if test "$enable_vendordir" != no; then
+  AC_DEFINE(USE_VENDORDIR, 1, [Define if distribution provided configuration files should be used.])
+  AC_MSG_NOTICE([Used vendor dir: $VENDORDIR])
+fi
+
 AC_PATH_PROG([DOXYGEN], [doxygen], [false])
 AM_CONDITIONAL([HAVE_DOXYGEN], [test x$DOXYGEN != xfalse ])
 

src/confdb/confdb.h

@@ -43,6 +43,7 @@
 #define CONFDB_KCM_FILE "config_kcm.ldb"
 #define SSSD_CONFIG_FILE_NAME "sssd.conf"
 #define SSSD_CONFIG_FILE SSSD_CONF_DIR"/"SSSD_CONFIG_FILE_NAME
+#define SSSD_VENDOR_CONFIG_FILE SSSD_VENDOR_DIR"/"SSSD_CONFIG_FILE_NAME
 #define CONFDB_DEFAULT_CONFIG_DIR_NAME "conf.d"
 #define CONFDB_DEFAULT_CONFIG_DIR SSSD_CONF_DIR"/"CONFDB_DEFAULT_CONFIG_DIR_NAME
 #define SSSD_MIN_ID 1

src/monitor/monitor.c

@@ -46,6 +46,10 @@
 #include <systemd/sd-daemon.h>
 #endif
 
+#ifdef USE_VENDORDIR
+#include <sys/stat.h>
+#endif
+
 #define MONITOR_VERSION 0x0001
 
 /* TODO: get the restart related values from config */
@@ -1812,7 +1816,15 @@ int main(int argc, const char *argv[])
     if (opt_config_file) {
         config_file = talloc_strdup(tmp_ctx, opt_config_file);
     } else {
+#ifdef USE_VENDORDIR
+        struct stat stats = { 0 } ;
+#endif /* USE_VENDORDIR */
         config_file = talloc_strdup(tmp_ctx, SSSD_CONFIG_FILE);
+#ifdef USE_VENDORDIR
+        if (stat(config_file, &stats) < 0 && errno == ENOENT) {
+            config_file = talloc_strdup(tmp_ctx, SSSD_VENDOR_CONFIG_FILE);
+        }
+#endif /* USE_VENDORDIR */
     }
     if (config_file == NULL) {
         ret = 2;

src/responder/kcm/kcm.c

@@ -32,6 +32,10 @@
 #include "util/util.h"
 #include "util/sss_krb5.h"
 
+#ifdef USE_VENDORDIR
+#include <sys/stat.h>
+#endif
+
 #define DEFAULT_KCM_FD_LIMIT 2048
 #define DEFAULT_KCM_CLI_IDLE_TIMEOUT 300
 
@@ -396,7 +400,15 @@ int main(int argc, const char *argv[])
     DEBUG_INIT(debug_level, opt_logger);
 
      if (opt_config_file == NULL) {
+#ifdef USE_VENDORDIR
+        struct stat stats = { 0 } ;
+#endif /* USE_VENDORDIR */
         config_file = SSSD_CONFIG_FILE;
+#ifdef USE_VENDORDIR
+        if (stat(config_file, &stats) < 0 && errno == ENOENT) {
+            config_file = SSSD_VENDOR_CONFIG_FILE;
+        }
+#endif /* USE_VENDORDIR */
     } else {
         config_file = opt_config_file;
     }

src/tools/sssctl/sssctl_config.c

@@ -70,7 +70,15 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
     }
 
     if (config_path == NULL) {
+#ifdef USE_VENDORDIR
+        struct stat stats = { 0 } ;
+#endif /* USE_VENDORDIR */
         config_path = SSSD_CONFIG_FILE;
+#ifdef USE_VENDORDIR
+        if (stat(config_path, &stats) < 0 && errno == ENOENT) {
+            config_path = SSSD_VENDOR_CONFIG_FILE;
+        }
+#endif /* USE_VENDORDIR */
     }
 
     if (config_snippet_path == NULL) {